Introducing: Roles and permissions

Posted on 14th Mar 19 by David Simpson

You can now manage and restrict your team's access to the features, records, and fields of your Beacon database.

Every team is different. But every team needs to make sure that the data that's important to them is secure. Whether it's a donor's telephone number or a patient's medical notes it's critical to make sure that data can only be accessed by the right people.

That's why we've built a new roles and permissions system into the core of Beacon. Now you have complete control over what users can access, right down to the field level - and it's pretty straightforward to configure.

Lets take a quick look at the important features of your new roles and permissions system.

1. It's easy to organise your team

You can create different roles within your organisation and add users to these roles. This means that you can give your different teams access to different parts of Beacon and it's easy to manage who is a member of which teams.

2. Turn on the features that are important to you

You can restrict access to entire features within Beacon. You can restrict access to your donation forms to make sure nobody changes important settings. Or you can make reports read only for people who need to review them but don't need to update them.

3. Powerful control over what your users can see

You can control which users have access to the different record types within your Beacon database. And within each record type you can control who has access to different fields. The interface makes it easy to see which permissions you have granted for different records and their fields.

This means that you could create a new field on a person record called "private notes" and only make it available to managers. Other users would never see this field.

4. It's not just convenient - it's very secure

There are two layers of security to enforce the permissions that you set up. First, permissions are propagated through Beacon in real time and they restrict what users can do in the interface. In the example below we can see two browsers which could be on two different machines. The admin on the left is changing some permissions and you can see how they're reflected immidiately for the user on the right. Pretty neat. Very secure.

Secondly, the Beacon database checks a user's permissions before returning any data. If a user doesn't have permission to view something it's not just hidden in the interface - the database doesn't allow access at all. This two layer approach means that you can be confident that your permissions are strictly enforced.

It's time to try it out!

Every user has a new default role created in their account and all existing members have been added to this role. This means that everyone's accounts behave exactly as they did before. Your new roles and permissions system is live and ready to try now. Log in to try it out.

We've also written comprehensive documentation on how to use your new system. You can read the documentation here, and I strongly recommend that you do!

As usual, I'm really keen to hear what you think! Fire off an email to [email protected] or click the intercom button in the bottom right corner of this page to get in touch.

About the author

David Simpson is the CTO at Beacon. He's dedicated to making Beacon the best nonprofit database in the world.